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AN APPARATUS FOR EFFECTING AND RECORDING MONETAR Y TRANSACTIONS 



ting and recording monetary transactions. certain fraudulent transactions are p 

Conventional wallets in which one carries cash money caved encoded data will not aco 

have long been known. One can open the wallet and expected data 

extract an amount which does not exceed the present value s This apparatus suffers from a 



tages. First, it is possible to bypass a portion of the iden- 
tification system of each apparatus unit thereby lowering the 
security of the system. Second, and more importantly, 



Many methods exist for removing the inconvenience I 
and risks of carrying cash in one's wallet These include 
personal checks, traveler's checks, vouchers and credit tarn with collapse. Third, coded identification for all the' at 

cards, just to name a few. In addition, in order to eliminate units are included in the memory of each unit, rgquirini 

thods have large memory capacity. 



These systems suffer from a number of disadvantages. 
There is no easy way to verify that a payment received is 
not forged or that It is backed by proper credit (partJculariy 
in the case of checks and credit cards). Payments received 
cannot easily increase the current value or fund which is 
available for making payments. Electronic fund transfer sys- 



justing the registered value to selectabfy indicate pi 



one to make payments but not to receive them. They are According to a preferred embodiment of the invention, 
similar to ordinary automatic credit cards or banking cards, the means for salectabty adjusting includes means for deter- 
such as BANKOMAT in Europe, but the identification pro- 30 mining whether the transaction is permitted, and means for 
cedure seems to be more reliable since it may involve some effecting transfer of value coupled to the means for register- 
cryptographic computations and not merely reading a mag- ing present value. 

netic tape. The details of their operation have not been Further according to a preferred embodiment, the 

published means for identity verification includes c 

Davies' Signature Token described by D.W. Davies in 38 which may include secret key encoder 
"Use of the 'Signature Token' to Create a Negotiable 
Document", presented in Crypto 83, Santa Barbara. CA, 
U.S.A, August 1983 claims to enable 
forgeries, but is unable to register the b 



Further in accordance with a preferred embodiment. 



U.S. Patent 4,320,387 to Powell discloses apparatus 
for providing secured cormmmication of information compris- 
ing individual units including display of Information to be 
communicated, electronic circuit means providing automatic 



specific transfer of informs- There is further provided mear 

ge means for recording of tion of the apparatus. 

adiant energy signal trans- According to another aspect of the present invention 

miffing devices for effecting coupling of any two selected there is provided apparatus for effecting and recording 



effect generation of the communication to the two selected 
units and to provide security of transmission. This electronic 
circuitry Includes a time-control base which is functional to 
change its control function in the same amount of time as 



ol input for identifying, a 



trie recording phase of operation. receiving an encoded input signal 

In operation, a coded signal corresponding to the in- fiftaation of an apparatus with which the transi 

tarnation to be transferred is transmitted by one apparatus effected: means for decoding and verifying 

and received by the second. The receiving apparatus uB- .... 
Ikes the same time-control base encoding to encode the 
data it expects to receive (La, as manually input by the 
owner). It then compares the received encoded data with 
the encoded expected data If identical. 



2 



3 



0 172 670 



the apparatus with which the transaction is to be effected; ported stolen or lost Such a list could be supplied to the 
means lor receiving an encoded input signal corresponding s wallet during validation. By is; 
to the monetary value and direction of the transfer in "~ * ■- - - ■- 



understood and appreciated from the following detailed d< 
scription taken in conjunction with the drawings in which: 
Fig. i is an illustration of an electronic wallet cor 



Fig. 2 is a block diagram illustration of the ete 
circuitry employed in the electronic wallet of Figure 1. 
With reference to Fig. 1 there is shown an ete 




rs to the wallets periodically, this list can be kept 
short 

Preferably the wallet includes an audit trail, a list of all 



accordance with an embodiment of the present invention. 



Referring now to Fig. 2 there is shown in block dia- 
gram form the electronic circuitry employed in the electronic 
wallet of Figure 1. The circuitry includes a CPU 20 such as 
a microprocessor, including input/output interface and a 
ROM, for example model 80*1 A of Intel Corp., USA, a 
RAM 22. such as a 64K RAM, model number 2184 and 

Corp., and an ESPROM 26, such as an ESPROM, 2K x 8, 
model 2817 of Intel Corp, all coupled by bus 28. The 
wallet is powered as by batteries (not shown). RAM 22 




In order to provide unforgeable present values and 
receipts, an asymmetric or public key encoding system Is 
preferah^ employed for identity verification throughout the 

the apparatus and known to no-one, Is used to encode the 
data to be transferred to the other apparatus which is a 
party to the transaction. Similarly, data received from the 
other apparatus win be received encoded by the secret key 



of the transaction. Thus, while arty apparatus is capable of 

^ „ decoding the data received by it only the legitimate wallet 

i as a Time of Day (T.O.D.) Clock, number can encode data it transmits with its own secret key This 

WD2412, manufactured by Western Digital Corp.. USA, ss means that forgery is possible only by cracking thedpher 

which acts to record the time at which each transaction of using the public key. 

the wallet occurs (30 bits are sufficient to represent time A particularly suitable public key cryptosystsm has 

wnh resolution of seconds over a period of 30 years). The been proposed by Rivest Shamir and Adelman in "A 



al time clock permits transactions be 



Method for Obtaining Digital Signatures and Public Key 
Cryptosystems", Comm. ACM. Vol 21, February 1978. pp. 
120-128, to be utilized for internal encoding of data to be 
transferred between wallets. Alternatively, any other public- 
key signature cryptographic system will suffice, such as that 
described by Rabin, M.O. in "Digitalized Signatures and 
Public-Key Functions as Intractable as Factorization", 
MIT/LCS/TR-212, January 1979. 



The various keys and passwords utilized by the owner 
for user identification, by the wallet for decoding and by the 
validating institution, will be found in the memory of the 
wallet It will be appreciated that the preferred user iden- 
tification and identity verification means are also suitable for 
identification from afar, such as through a telephone line or 
other means of communication. 

It is a particular feature of the present embodiment that 
only the public keys of the banks or validating institutions 
and the public key of the owner signed by the bank need 
be retained in the memory of the wallet to permit transac- 
tions with all other wallets. Thus, a much smaller memory is 
required than in existing devices. 

The particular advantage of 'using a public key cryp- 
tosystem is that, even if someone should manage to break 
the cipher in one wallet to forge transactions therein, he will 




Preferably the wallet also includes means for destroy- 
ing the information stored therein which is activated in the 
event that an attempt is made to penetrate the wallet 
physically or through some signals other than the legitimate 

s signals used in the user identification means or in the 
protocols. For example, the wallet may be constructed in 
such a manner that opening it will short circuit the batteries, 
or destroy the microprocessor, or that x-rays or other at- 
tempts to read the encoded information will serve to destroy 

'0 the coding. This serves to further prevent compromise of 
the whole monetary system by unauthorized entry into a 
wallet 

The wallet is validated through a renewal protocol with 
an authorized institution, such as a bank. The complemen- 

15 tary device owned by the institution would read the audit 
trail of the wallet since Its latest validation, erasing it from 
the wallet insert the new value and supply additional in- 
formation which may be useful. A flow chart of a suitable 
renewal protocol is given in the following chart 

20 RENEWAL PROTOCOL 



Wallet " Authority 
(Identification) — > 

< (Identification) 

(Audit trail) > 

< (signed new keys) 

< (list of invalid wallets) 



where (DATA) — > indicates the transfer of data in the 
direction indicated by the arrow. 

Transfers of money are effected by means of a trans- 
action protocol. Operation of the wallet In general terms, is 
as follows. For example, suppose I and j have agreed on a 
payment of v dollars by i to j. Each must first identify 
himself to his wallet by entering his password on the key- 




may take place only if both parties agree to it. 

The wallets are now coupled to one another via con- 
necting means which may be a connecting jack or a tele- 
phone modem or any other means of coupling the wallets 
for transmitting and receiving of information from one an- 
other. The transfer of value from i's wallet to f s is earned 
out through a proper transaction protocol It will be appre- 
ciated that such a transfer is only permitted if i's wallet has 
the necessary value, i.e.. If the value of the paying wallet is 



greater than or equal to the sum to be paid. The result of 
45 the transaction Is that the value in i's wallet has been 

reduced by v while the value in j's wallet has increased by 

v, the sum of the values of the wallets not being changed 

by the transaction. 

An unforgeable receipt or cryptographically signed 
SO proof of having paid the amount of the transaction, is 

secret code, and registered therein. At the same time, in 
unforgeable proof of receipt of payment is registered in j's 
, wallet in the form of data encoded by i's secret code. 
53 These proofs of payment and receipts are added to the 
wallers audit trafl. 

A flow chart of an example of a suitable transaction 
protocol including a public key cryptosystem is as follows. 
TRANSACTION PROTOCOL 
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Wallet of i 
— >(i Password; Pay vi) 
Is Vi < vi? 

If yes, (EM) > 

If no, Dx(ei,i) > 

< 

Is vi = vj and is t reasonable? 

If no, (EM) > 

If yes, (ej,j):= Ex(Dx(eJ,J)) 

< 

Di (vi.t, j) > 

<v",t",i»):=Ej(Dj(vj,t,j)) 
If (v",t",i'») = (vj,t,i), 
then Vi:= Vi - vi 



Wallet of j 
->(j Password; Receive vj) 



(ei,i):= Ex(Dx(ei,i)) 
-(vj, t, Dx(ej.j) 



(V ,t' ,j'):=Ei(Di(vi,t,j)) 
If (V,f ,j-) = (vi,t,j), 
then Vj:= Vj + vj 



wallet of y; vy - value in 
- real Brno; (DATA)— > - 
of the arrow; and (EM)—- > 



protocol (tow chart and with 



Assuming a public-key cryptosystem is used, the public-key with the current present v„™» „ auai „ uole 

riuser i is a pair of operators (Ei, Di) each of which is whether the transaction is permitted. If vi is greater th 

operative to cancel the operation of the other, i.e., for every 50 an error message is sent, r 

word W. S(DI(W)) - w. Operators B and Di serve to If vi is less than or 



^rJ. Upon recsi P t °* *k data, the value j punched into his 

The present contents of user j's wallet include ex (the wallet aa being the amount of the transaction (vj), the real 

pubic key of the bank or other renewing institution) and dj time (t). and j's public key certified by the bank, namely j's 

(js secret key), as well as Dx(ejj) (j's public key certified by «0 public key and identity (ej.j) encoded by operation thereon 
the bank and indicating that this is a valid wallet), t repre- of the bank's secret key (operator Dx) are all transmitted to 

sents real time as measured by the real time clock. i's wallet In i's wallet, j's public key is decoded by the 

operation of the public key of the bank (Ex). 

w compares vi and vj to verify that the value 

le at which it transmitted its identify- 
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n 10, 11, 12 or 13, and 
rang includes a real time 
clock and means coupled to said real time clock and to said 



h said cryp- 

17. Apparatus according to any preceding claim, which has 
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